A processor chip for computing addition, multiplication, and exponentiation in a Galois Field of integers
modulo a prime number p, GF(p), includes twelve registers for storing n-bit integers, a full adder for shifting left
and adding data stored in two of the registers. A feedback register is included for storing an n-bit number and
means for generating a feedback number is provided, wherein the feedback number is generated from a prime
number, p. Also included are modulo means for reducing data bits stored in the registers modulo a prime
number p.

MODULO ARITHMETIC PROCESSOR CHIP

This invention relates to a processor chip and in particular, but not exclusively, to a processor chip for
computing addition, multiplication, and exponentiation in the Galois Field of integers modulo a prime
number.

Cryptographic systems transmitting a computationally secure cryptogram which is generated from a
publicly known transformation of a message sent by a transmitter have been described in several patents,
including U.S. Patent Number 4,200,770 to Hellman et al., U.S. Patent Number 4,405,829 to Rivest et al.,
U.S. Patent Number 4,218,582 to Hellman et al., and U.S. Patent Number 4,424,414 to Hellman et al. These
patents, in general, teach the broad concept of using a secure cipher key that is generated by a set of
conversers from transformations of exchange transform signals. A set of conversers each possess a secret
signal and exchange an initial non-secret transformation of the secret signal with the other converser. The
received non-secret transformation of the other converser's secret signal is again transformed with the
receiving converser's secret signal to generate a secure cipher key. The transformations use known
operations that are easily performed but extremely difficult to invert. It is believed infeasible for an
eavesdropper to invert the initial non-secret transformation to obtain either converser's secret signal, or
duplicate the latter transformation and obtain the secure cipher key.

None of these patents teach the particular means or apparatus necessary for implementing their broad
inventive concepts. In particular, none of these patents teach how to build a processor chip for performing
the necessary transformations for passing a secure key.

Further, none of these patents teach or suggest how to implement these transformations in rapid fast
method on a processor chip.

Embodiments of the present invention provide a processor chip for computing addition, multiplication, 
and exponentiation in the Galois Field of integers modulo a prime number p. 

Embodiments of the present invention provide a processor chip for performing an exponentiation
operation in a rapid manner.

According to one aspect of this invention, there is provided an apparatus for computing multiplication in
the ring of integers modulo an integer number, p, comprising:
an X register having L-bits for storing an n-bit integer X;
a Y register having L-bits for storing an n-bit integer Y;
first and second A registers for storing L-bits each;
means for transforming the n-bit integer X from X register into first and second alternate integers having
L-bits each and storing first and second alternate integers in said first and second registers A;
control means connected to said first and second A registers for generating a control signal;
first and second B registers for storing L-bits each;
first and second C registers for storing L-bits each;
a full adder coupled to said first and second B registers, said first and second C registers, and said
control logic, and responsive to the control signal being a 1-bit for shifting left and adding data stored in
said first and second B registers to data stored in said first and second C registers, respectively, and
responsive to the control signal being a 0-bit for shifting left data in said first and second B registers;
a feedback register having L-bits for storing an n-bit feedback number;
means for generating a feedback number from the integer number, p, having n-bits and storing the
feedback number in the feedback register;
modulo means coupled to said feedback register and said first and second C register for reducing data
bits stored in said first and second C registers modulo the integer number p; and
means for converting data bits in said first and second C registers to an L-bit integer and storing the
L-bit integer in said Y register.

Further aspects will be apparent from a study of the claims attached hereto. 

According to embodiments of this invention, as broadly described herein, a processor chip for adding a
first integer having n-bits to a second integer having n-bits, wherein the first integer plus the second integer
equals a third integer having n-bits, modulo a fourth integer having n-bits, is provided, comprising first
register means for storing the first integer, second register means for storing the second integer, and
feedback means for generating and storing a feedback number. The feedback number is the two's
complement of the fourth integer. These embodiments include arithmetic means coupled to the first register
means and the second register means. The arithmetic means is for adding the first integer to the second
integer, thereby generating the third integer. The third integer is then stored in accumulator means which is
coupled to arithmetic means. These embodiments further include overflow means coupled to the accumulator
means for storing an overflow integer which is overflowed from the third integer. Additionally, means is
provided for fetching the feedback number into the second register and adding the feedback number using
arithmetic means to the third integer in the accumulator means. Also, means coupled to the accumulator
means and responsive to the third integer being greater than the fourth integer, may be provided for
reducing the third integer modulo the fourth integer.

A further embodiment of this invention includes a modulo arithmetic processor chip for multiplying a
first integer having n-bits by a second integer having n-bits, wherein the first integer times the second
integer equals a third integer having n-bits, modulo a fourth integer having n-bits. The modulo arithmetic
processor chip for multiplying includes first register means for storing the first integer, second register
means for storing the second integer, feedback means for generating a feedback number, wherein the
feedback number equals the two's complement of the fourth integer, and arithmetic means coupled to the
first register means and the second register means, and responsive to the least significant position of the
first integer shifted right from the first register means, for adding the second integer to the third integer.
Accumulator means is provided coupled to the arithmetic means for storing the third integer. Also included
is overflow means coupled to the accumulator means for counting and storing overflow bits as an overflow
integer and second partial reduction means coupled to the overflow means, the feedback means, the first
register means and the second register means, and responsive to the completion of multiplying the first
integer by the second integer, for transferring the overflow integer into the first register means, transferring
the feedback number into the second register means, and multiplying the feedback number by the overflow
integer to generate a product, and adding the product to the third integer in the accumulator register means.
Means is provided coupled to the accumulator means and responsive to the third integer being greater than
the fourth integer, for reducing the third integer modulo the fourth integer. Also, first partial reduction means
is included coupled to the second register means and responsive to the most significant position of the
second integer shifted left from the second register means, for adding the feedback number to the second
integer, thereby partially reducing the second integer.

Additional objects and advantages of the invention will be set forth in the description which follows, and
in part will be obvious from the description, or may be learned by practice of the invention.

The invention will now be described by way of non-limiting example, reference being made to the
accompanying drawings, in which:

Fig. 1 illustrates the shifting operation of a processor chip according to an embodiment of the present
invention;
Fig. 2 illustrates the accumulator operation of the processor chip according to an embodiment of the
present invention;
Fig. 3 illustrates the basic structure of the processor chip according to an embodiment of the present
invention;
Fig. 4 illustrates the basic cell of the processor chip according to an embodiment of the present
invention;
Fig. 5 illustrates the registers configuration in an embodiment of the present invention;
Fig. 6 illustrates the multiply sub-routine in an embodiment of the present invention;
Fig. 7 illustrates the overflow compensation sub-routine in an embodiment of the present invention;
Fig. 8 illustrates the two N-bit to one N-bit reduction subroutine in an embodiment of the present
invention;
Fig. 9 illustrates the $F_3$ and $F_4$ set up in an embodiment of the present invention; and
Fig. 10 is an overall flow chart of the processor chip according to an embodiment of the present
invention.

Reference will now be made in detail to the present preferred embodiments of the invention, an
example of which is illustrated in the accompanying drawings.

A preferred embodiment of the present invention includes an X register having L-bits storage for storing
an N-bit integer X, a Y register having L-bits storage for storing an N-bit integer Y, and first and second A
registers for storing L-bits each. The invention includes means for transforming the N-bit integer X from X
register into first and second alternate integers having L-bits each and storing first and second alternate
integers in the first and second registers A. Also included are control means connected to the first and
second registers for generating control signal.

First and second B registers for storing L-bits each, and first and second C registers for storing L-bits
each are coupled to a full adder. The control logic also is coupled to the full adder, and the full adder is
responsive to a control signal being a 1-bit from the control logic, for shifting left and adding data stored in
the first and second B registers to data stored in the first and second C registers. The full adder is
responsive to the control logic signal being a 0-bit for shifting left data in the first and second B registers. A
feedback register having L-bits for storing an N-bit feedback number is included along with means for
generating a feedback number from a prime number, p, having N-bits and storing the feedback number in
the feedback register. Modulo means is coupled to the feedback register and the first and second C register
for reducing data bits stored in the first and second C registers modulo the prime number p and means for
converting data bits in the first and second C registers to an L-bit integer and storing the L-bit integer in the
Y register.

The processor chip according to an embodiment of the invention computes addition, multiplication, and
exponentiation in the Galois Field of integers modulo a prime number p, GF(p). For large prime numbers,
several chips can be cascaded together to function as an equivalent single larger chip. Also these chips can
be used for computing exponentiation in the ring of integers modulo a composite number, the factorization
of which is kept secret such as in the RSA public key cryptographic scheme. The following discussions
focus on the Galois Field GF(p) where p is a prime number.

Assume the prime number p is an n-bit number with the radix-two form (usual binary representation)
$p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + \dots + P[1]2 + P[0]$
where {P[i]} are binary symbols. It is convenient to also use the two's complement form of p,
$p = 2^n - F[n-1]2^{n-1} - F[n-2]2^{n-2} - \dots - F[1]2 - F[0]$
where {F[i]} are binary symbols. Since p is equivalent to zero in GF(p), one has the relationship

$2^n \bmod p = F[n-1]2^{n-1} + F[n-2]2^{n-2} + \dots + F[1]2 + F[0].$   (1)
Thus, $2^n$ is equivalent to an n-bit binary number with radix-two form having bits {F[i]}. This fact is used
extensively in reducing all integers to n-bit representations. Here {F[i]} are called "feedback bits."

Consider exponentiation in GF(p). Let X be an element of GF(p) and Z an m-bit integer represented by
$Z = Z[m-1]2^{m-1} + Z[m-2]2^{m-2} + \dots + Z[1]2 + Z[0].$
Any element of GF(p) such as X also has a representation given by
$X = X[n-1]2^{n-1} + X[n-2]2^{n-2} + \dots + X[1]2 + X[0].$
Here {Z[i]} and {X[i]} are binary symbols. Consider computing the following:
$Y = X^Z \bmod p$

where Y is, of course, an element in GF(p). The basic operations of exponentiation for this processor chip
are derived by the following equation:

$X^Z = X^{Z[0] + 2Z[1] + 2^2 Z[2] + \dots + 2^{m-1} Z[m-1]}$

$= X^{Z[0]} \{X^{Z[1]} \{X^{Z[2]} \cdots \{X^{Z[m-2]} (X^{Z[m-1]})^2\}^2 \cdots\}^2\}^2$

Note that by defining

k = 1, 2, ..., m
one has the exponentiation algorithm

$E_k = X^{Z[m-k]} E_{k-1}^2$
k = 2, 3, ..., m
where

and

$Y = E_m \bmod p.$

Exponentiation comprises a series of multiplications modulo p. For any two integers A and B
AB mod p = (A mod p)(B mod p) mod p
Thus each product of integers modulo p need not be reduced until all products that form the
exponentiation are completed. In addition, a partial reduction at each stage can be performed using the
relationship in Eq. (1). This partial reduction allows representing all integers by n binary symbols.

MULTIPLY ALGORITHM

The heart of the processor chip is the GF(p) multiply operation. Consider two n-bit integers A and B that
belong to GF(p). These are any two integers less than p. Consider the required multiplier operation
C = AB mod p.

A, B, and C are referred to as the "multiplier," the "multiplicand," and the "product" respectively.

A. Alternative Representation

As noted above an element A in GF(p) can be uniquely represented by n binary symbols {A[i]} as
$A = A[n-1]2^{n-1} + A[n-2]2^{n-2} + \dots + A[1]2 + A[0].$
To avoid carry propagation when two such n-bit integers are added, consider an alternative non-unique
representation of the form

$A = A_1 + A_2 \cdot 2$
$= A_1[n-1]2^{n-1} + A_1[n-2]2^{n-2} + \dots + A_1[1]2 + A_1[0]$
$+ A_2[n-1]2^n + A_2[n-2]2^{n-1} + \dots + A_2[1]2^2 + A_2[0]2$

where {$A_1[i]$} and {$A_2[i]$} are binary symbols. There are many pairs of n bits that represent the same integer
in this representation. The i-th components of $A_1$ and $A_2$, $A_1[i]$ and $A_2[i]$, define the i-th integer component
$A[i] = A_1[i] + A_2[i]2$

which is a 2-bit integer having values of 0, 1, 2, or 3. B and C are represented in the same form, where for B,

$B = B_1 + B_2 \cdot 2$
$= B_1[n-1]2^{n-1} + B_1[n-2]2^{n-2} + \dots + B_1[1]2 + B_1[0]$
$+ B_2[n-1]2^n + B_2[n-2]2^{n-1} + \dots + B_2[1]2^2 + B_2[0]2.$

The i-th components of $B_1$ and $B_2$, given by $B_1[i]$ and $B_2[i]$, form the i-th integer component of B,
$B[i] = B_1[i] + B_2[i]2$

which is also a 2-bit integer having values less than or equal to 3. In this non-unique representation,
integers A, B, and C are represented by n 2-bit integer components.

Since the above alternative representations for A, B, and C are not unique, there is some freedom to
choose representations that are easy to implement. Specific forms are described next which assume there
are two n-bit registers for the multiplier A, for the multiplicand B, and for the product C.



B. Multiplier 

A "shift and add" multiplier includes having the "multiplier" $A = A_1 + A_2 \cdot 2$, which is held in two n-bit
registers, being shifted to the right (higher order bits are on the left) into a control logic that computes a
"sum" and "carry." The "sum" bit is used to control the adding of the shifted "multiplicand" $B = B_1 + B_2 \cdot 2$
integer to the "product" accumulator given by $C = C_1 + C_2 \cdot 2$. The control logic for the multiplier is at the
right end of the $A_1$ and $A_2$ n-bit registers. It has binary variables r„ r,, and A,,, originally set to zero. This
logic computes integers
r= r, + A,. + A,[0] 
and 

A,, + AJO] 

where r is a 2-bit integer of the radix-two form
$r = r_1 + r_2 \cdot 2.$

During each shift to the right of the multiplier registers $A_1$ and $A_2$, r, is set to r,. r^ is set to ri, and A,, is set
to A,..

The multiplier logic at the right end of the $A_1$ and $A_2$ registers merely converts the non-unique n-bit
radix-two form where the resulting bits {$r_1$} are used to control the adding of the shifted multiplicand
registers $B_1$ and $B_2$ to the product accumulator registers $C_1$ and $C_2$.

C. Multiplicand

The multiplicand is held in two n-bit registers $B_1$ and $B_2$, which are shifted left (multiplied by 2). Before
each left shift of the $B_1$ and $B_2$ registers, these register bits are added or not added to the product
accumulator registers $C_1$ and $C_2$ depending on the multiplier logic output bit $r_1$.
The multiplicand B has the form

$B = \sum_{i=0}^{n-1} (B_1[i] + 2B_2[i]) 2^i,$

or on rearranging terms, the form

$B = \sum_{i=0}^{n-1} (B_1[i] + B_2[i-1]) 2^i + B_2[n-1]2^n.$

Multiplying by 2 gives

$2B = \sum_{i=1}^{n-1} (B_1[i-1] + B_2[i-2]) 2^i + (2B_2[n-1] + B_1[n-1] + B_2[n-2]) 2^n.$

Recall that each $2^n$ term can be replaced by the feedback terms using Eq. (1). The number of such $2^n$
terms is given by

$S = 2B_2[n-1] + B_1[n-1] + B_2[n-2]$

and the feedback n-bit sequence is
$F_S = S 2^n \bmod p.$

Four possible non-zero feedback terms are defined as $F_1$, $F_2$, $F_3$, and $F_4$. Now the shifting operation of
the B integer is given by
Initial Condition: Load B and set
$S = 2B_2[n-1] + B_1[n-1] + B_2[n-2].$

Shift according to:

$\hat{B} = \sum_{i=0}^{n-1} (\hat{B}_1[i] + \hat{B}_2[i-1]) 2^i + \hat{B}_2[n-1]2^n$

$= \sum_{i=1}^{n-1} (B_1[i-1] + B_2[i-2]) 2^i + F_S$
$S = 2\hat{B}_2[n-1] + \hat{B}_1[n-1] + \hat{B}_2[n-2].$

Here B is the original register integer, and $\hat{B} = 2B$ is the shifted register integer. Fig. 1 illustrates this
shifting operation using full adders.
D. Accumulator

At any given time, B has the form

$B = \sum_{i=0}^{n-1} (B_1[i] + B_2[i-1]) 2^i + B_2[n-1]2^n.$

If $r_1 = 1$, this is added to the integer C, which consists of two n-bit registers. The problem of handling
overflow terms must be taken care of using Eq. (1). Since no shifting of the C register is involved, all the
overflow terms are accumulated until all shifts and adds are completed. At the end of the shifts and adds,
all the accumulated overflow terms are added to the C registers to obtain the final answer.

Assuming $r_1 = 1$, each adding of B to C is illustrated in Fig. 2 in terms of two sets of full adders. After
all shifts and adds are completed, the counter contains an integer I and the final product AB mod p is
obtained by adding $I 2^n$ to the integer C contained in the two n-bit registers. This is done by replacing $2^n$ by
$F_1 = 2^n \bmod p$ and adding $I F_1$ to the accumulator registers by restarting the shift and add operations with A
replaced by I and B replaced by $F_1$ and starting with the current C register values. Again the operation
shown in Fig. 2 is used. This is repeated until a shift and add cycle is completed and I = 0.

Note that if the original integers A and B consist of n bits each, then any shift of B adds less than two
$2^n$ terms to C no more than n times. Thus the counter has count integer I that is no higher than 2n. For n =
8000, one only needs a 14-bit counter. Thus the counter value I is at most a 14-bit integer, and the shift and
add cycles associated with adding $I F_1$ to the accumulator is short compared to the original shift and add
cycle.

PRODUCT REDUCTION 

When a multiply operation is completed, the contents in the two n-bit registers $C_1$ and $C_2$ can be
transferred to the two n-bit registers $A_1$, $A_2$, and/or $B_1$, $B_2$ to continue the exponentiation algorithm. When the
exponentiation algorithm is completed, it is desirable to reduce the integer C in the two n-bit registers to a
single binary form

$C = \sum_{i=0}^{n-1} C_1[i] 2^i$

where $C_2[i] = 0$ for all i = 0, 1, ..., n-1.
Note that in the two n-bit form the integer C satisfies

$C = C_1[n-1]2^{n-1} + C_1[n-2]2^{n-2} + \dots + C_1[0]$
$+ C_2[n-2]2^{n-1} + C_2[n-3]2^{n-2} + \dots + C_2[-1]$
$< 2^{n+1}$

where $C_2[-1] = 0$ and $C_2[n-1] = 0$. Since $2^n$ + 2 = there can be at most one $2^n$ term in C in the
usual n-bit representation. The conversion to this single n-bit form is given as follows:

Step 1: Set N ← n
        I ← 0
Step 2: Set C ← C + 0
        N ← N - 1
Step 3: Check N = 0
        If N = 0, go to Step 4.
        If N ≠ 0, go to Step 2.
Step 4: Check counter I
        If I = 0, stop.
        If I ≠ 0, set C ← C + $F_1$ and go to Step 1.

One can see that this works by examining Fig. 2 with B = 0. Starting from the lowest order bits, the first
C + 0 operation causes $C_2[0] = 0$, the second C + 0 operation causes $C_2[1] = 0$, etc.
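
The two-register arithmetic of the Multiplicand, Accumulator and Product Reduction sections, as an added Python model that is not part of the patent text. It keeps each register as an integer, treats the multiplier A as an ordinary binary number (the right-end recoding logic is not modelled), and assumes a modulus p that is not a power of two; all function names are this example's own.

```python
def full_adders(u, v, w):
    """n one-bit full adders side by side: u + v + w == s + 2*c, with no carry ripple."""
    return u ^ v ^ w, (u & v) | (u & w) | (v & w)


def bit(v, i):
    return (v >> i) & 1


def feedback_table(p, n):
    """F_S = S * 2^n mod p for S = 0..4; F_2 is a plain shift of F_1."""
    f1 = (1 << n) - p                 # two's complement of p, Eq. (1)
    f2 = f1 << 1                      # F[n-1] = 0, so the shift creates no 2^n term
    f3 = (f2 + f1) % p
    f4 = (f3 + f1) % p
    return [0, f1, f2, f3, f4]


def shift_b(b1, b2, n, table):
    """B <- 2B in two-register form; the S terms of weight 2^n become F_S."""
    mask = (1 << n) - 1
    s = 2 * bit(b2, n - 1) + bit(b1, n - 1) + bit(b2, n - 2)
    # Position i receives B_1[i-1], B_2[i-2] and F_S[i].
    return full_adders((b1 << 1) & mask, (b2 << 2) & mask, table[s])


def add_to_c(c1, c2, x, n):
    """C <- C + x where C = C1 + 2*C2; returns (C1, C2, overflow bit for counter I)."""
    mask = (1 << n) - 1
    # C_2[n-1] has weight 2^n and no adder position, so it goes to the counter.
    new_c1, new_c2 = full_adders(c1, (c2 << 1) & mask, x)
    return new_c1, new_c2, bit(c2, n - 1)


def two_to_one(c1, c2, n, f1, pending=0):
    """Steps 1-4: n additions of zero empty C2; each owed 2^n is repaid with F_1."""
    while True:
        for _ in range(n):
            c1, c2, ov = add_to_c(c1, c2, 0, n)
            pending += ov
        if pending == 0:
            return c1                 # C2 is all zero here
        c1, c2, _ = add_to_c(c1, c2, f1, n)   # C2 was zero, so nothing overflows
        pending -= 1


def carry_save_mul(a, b, p):
    """n-bit value congruent to a*b mod p (not yet compared against p)."""
    n = p.bit_length()
    assert p > (1 << (n - 1)), "model assumes p is not a power of two"
    mask = (1 << n) - 1
    table = feedback_table(p, n)
    b1, b2 = b, 0
    c1 = c2 = pending = 0
    while a:
        if a & 1:                     # control bit: add B to C, register by register
            c1, c2, ov = add_to_c(c1, c2, b1, n)
            pending += ov
            c1, c2, ov = add_to_c(c1, c2, (b2 << 1) & mask, n)
            pending += ov + bit(b2, n - 1)    # B_2[n-1] is itself a 2^n term
        a >>= 1
        b1, b2 = shift_b(b1, b2, n, table)
    return two_to_one(c1, c2, n, table[1], pending)
```

The value returned is a single n-bit register that may still lie between p and 2^n; the comparison against p is the separate step described under REDUCTION MODULO p.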



REDUCTION MODULO p

The single n-bit representation of C is

$C = \sum_{i=0}^{n-1} C_1[i] 2^i < 2^n.$



Assume that the highest order bit of p is one. Then 






n-1 
i=0 



where P[n-1] = 1. This is not a restriction since n is by definition the number of bits necessary to represent
p. Thus
$p \ge 2^{n-1}$

or

$2p \ge 2^n$
and

$C < 2p.$

If the representation of C is greater than p, that is,
$C > p,$

then it is desirable to convert C to C-p by performing the following steps:

Step 1: Set Y ← C
Step 2: Set C ← C + $F_1$
Step 3: Set N ← n
        I ← 0
Step 4: Set C ← C + 0
        N ← N - 1
Step 5: Check N = 0
        If N = 0, go to Step 6.
        If N ≠ 0, go to Step 4.
Step 6: Check counter I
        If I = 0, stop.
        If I ≠ 0, set Y ← C and stop.

To show that this is correct, note that the final answer is either the single n-bit representation C which
satisfies
$0 \le C < 2p$

or if this is greater than p, it is C-p which satisfies

$0 \le (C-p) < p.$
Since

$p = 2^n - F_1,$
then

$C + F_1 = 2^n + (C-p).$

If after reducing $C + F_1$ into a single n-bit representation, one has I ≠ 0, then C-p ≥ 0 or C ≥ p and accept
the latest contents of the $C_1$ register as the answer. Otherwise, if I = 0, the original $C_1$ register value (before
adding $F_1$) is the desired answer.
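
An added example, not from the patent: a plain-binary Python model (one n-bit register per integer rather than the two-register form) of the feedback reduction of Eq. (1), the overflow counter I with its I·F_1 compensation, the final C versus C-p test, and the exponentiation recurrence built on them. Function names and the start value E = 1 are assumptions of this example.

```python
def feedback(p):
    """Return (n, F_1) with F_1 = 2^n - p, the two's complement of p."""
    n = p.bit_length()
    return n, (1 << n) - p


def shift_left(b, n, f):
    """B <- 2B, replacing each 2^n term by F_1 so B stays n bits wide."""
    mask = (1 << n) - 1
    b <<= 1
    while b >> n:
        b = (b & mask) + (b >> n) * f
    return b


def mpy(a, b, n, f, c=0):
    """Shift-and-add product held to n bits; the result is congruent to c + a*b mod p."""
    mask = (1 << n) - 1
    while True:
        overflow = 0                  # counter I: 2^n terms dropped from C
        while a:
            if a & 1:                 # control bit taken from the right end of A
                c += b
                overflow += c >> n
                c &= mask
            a >>= 1
            b = shift_left(b, n, f)
        if overflow == 0:
            return c
        a, b = overflow, f            # add I*F_1: rerun with A <- I, B <- F_1


def reduce_mod_p(c, n, f):
    """C is n bits, hence C < 2p; one addition of F_1 separates C from C - p."""
    y = c                             # Step 1: Y <- C
    c += f                            # Step 2: C <- C + F_1 = 2^n + (C - p)
    if c >> n:                        # I != 0 exactly when the original C >= p
        y = c & ((1 << n) - 1)        # keep C - p
    return y


def modexp(x, z, p):
    """E_k = X^Z[m-k] * E_{k-1}^2 with partial reduction only, full reduction once."""
    n, f = feedback(p)
    e = 1                             # assumed start value, so that E_1 = X^Z[m-1]
    for k in range(z.bit_length() - 1, -1, -1):
        e = mpy(e, e, n, f)
        if (z >> k) & 1:
            e = mpy(e, x, n, f)
    return reduce_mod_p(e, n, f)
```

With p = 13 the model gives n = 4 and F_1 = 3; `mpy(11, 12, 4, 3)` returns the partially reduced value 15, and `reduce_mod_p(15, 4, 3)` turns it into 2.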
PROCESSOR CHIP

The following presents the general features of GF(p) processor chip that computes 

Y = mod p 
Y = XZ mod p

and

Y = X + Z mod p.



A. Basic Structure

The processor chip has the basic structure illustrated in Fig. 3, comprising 12 L-bit registers, L full
adders, and control and feedback logic. The prime number feedback terms $F_3$ and $F_4$ are computed from
input $F_1$ while $F_2$ is merely a shift of $F_1$. Other inputs to this chip are the integer X and the integer Z.
Assume that all these integers are represented by L bits and that the prime number p is an L-bit integer.
The final exponentiation will be located in the L-bit registers Y. Anytime after loading the $F_1$, Z, and X
registers, a start command can initiate the add, multiply, or exponentiation computation. Loading in these
registers is not allowed during computations.

Since exponentiation consists of a sequence of multiply operations, C = AB, the basic structure of Fig.
3 is primarily a GF(p) multiplier. The final answer ends up in the L-bit registers C, which is then loaded into
the Y registers. The Y registers can only be read out after all computations are executed.

The bulk of the basic structure consists of the set of 12 L-bit registers and L full adders. A vertical slice
through this basic structure is shown as the basic cell of Fig. 4. The bulk of the basic structure of Fig. 3
includes identical copies of the basic cell shown in Fig. 4 that are cascaded L times much like a set of
register cells.

The basic cell consists of 12 registers and a single full adder which is time shared to do the operations
shown in Figs. 1 and 2. Illustrated in Fig. 4 are load lines and communication lines where a basic cell
receives inputs from two right adjacent cells and sends outputs to two left adjacent cells. Also there is a
control bit $r_1$ that goes to all cells from right to left and three feedback bits $s_0$, $s_1$, and $s_2$ that go to all cells
from left to right.



B. Mismatch 

Up to this point the processor chip includes L basic cells and, therefore, all integers of interest are L-bit
integers. The prime number p also was assumed to be an L-bit prime integer.

Consider the processor chip having L basic cells as before but now the prime number is represented
by n bits where n ≤ L and Z is represented by m bits. The chip structure of L basic cells can be used to
obtain the desired exponentiation.

For an n-bit prime, the integer X is an n-bit integer and the result of addition, multiplication, or
exponentiation is also an n-bit integer. To allow for the mismatch between L and n, the n-bit integers X and
F are loaded into the highest n-bit register positions of the X and F registers. The highest m-bit positions of
the Z registers are loaded with the m-bit integer Z. This is shown in Fig. 5. Essentially, only the upper n
cells of the L cell chip are used. The only modification required here is that at the beginning of each
multiplication, the $A_1$ and $A_2$ registers must be shifted right by q = L - n steps so that the right end logic is
synchronized correctly.

C. Modular Chip 


For large prime numbers, it may be impractical to place all basic cells in a single chip. Thus, a modular
design is used where there are L basic cells on a single chip. Thus a single chip can compute
exponentiation for any n-bit prime number p where n ≤ L. In the modular chip design, two chips in cascade
can act like a single chip with 2L basic cells and handle prime numbers where n ≤ 2L. The modular design
is such that K modular chips in cascade behave like a single chip of KL basic cells that can compute
exponentiation in GF(p) where p is an n-bit prime with n ≤ KL.

To achieve this modular design, consider the structure of Fig. 3 to represent a modular chip where the
left end logic circuits can be disengaged by an input control pin and the right end logic circuits can be
disengaged by another input control pin. Input and output pins are located on each chip to allow two chips
to connect together so that the sequence of the basic cells continues from one chip to the next chip. Thus all
chips have L basic cells and all the end logic circuits as shown in Fig. 3. The primary modification is that
the end logic circuits can be disengaged, and chips can be connected to continue the cascade of basic
cells.

A cascade of K modular chips then has a left most chip with its left logic circuits engaged and its right
logic circuits disengaged. The K-2 intermediate chips have all end logic circuits disengaged while the right
most chip has its left logic circuits disengaged and its right logic circuits engaged. Since the end logic
circuits take up only a small fraction of each modular chip, there is little total chip area lost to the unused
end logic circuits. In addition to the end logic circuits shown in Fig. 1, there is the overall chip controller that
also is duplicated on each chip although only used on the left most chip in a cascade of modular chips.
This chip controller, which also takes up little chip area, is described next.

CHIP CONTROLLER

Assume there are K modular chips cascaded to form KL basic cells. Let n be the number of bits in the
representation of the prime p.

Related control parameters are n, m, and q where
n = number of bits representing p
m = number of bits representing Z
q = KL - n

With these parameters entered into control registers, the n-bit inputs X and F and m-bit input Z are entered
before each calculation.



A. Basic Subroutines 

Multiplication is represented in flowcharts as
MPY
overflow compensation is represented as
OVF Compensation
and the two n-bit to one n-bit reduction is represented as
2 > 1 Reduction

The three subroutines are shown in Figures 6, 7, and 8. The counter in Fig. 2 has count integer denoted
I, which is the overflow index used in these subroutines.

Multiplication is the most common subroutine used in exponentiation. Overflow compensation is used to
check for a $2^n$ term in the counter (see Fig. 2) and, if so, apply a feedback term using Eq. (1). The two n-bit
to one n-bit reduction forces n additions of 0 to C.
B. Calculation of Feedback Terms

Recall that we have the feedback term

$F_S = S 2^n \bmod p$

n-1

i=0

$F_2 = 2F_1 = \sum_{i=1}^{n-1} F[i-1] 2^i$

$F_3 = F_2 + F_1 \bmod p$

and

$F_4 = F_3 + F_1 \bmod p.$

Since the prime number has the highest order bit P[n-1] = 1, we have F[n-1] = 0. Thus $F_2$ can be
obtained from $F_1$ by a simple shift since that does not result in a number with a $2^n$ term. $F_3$ and $F_4$, however,
may require a mod p reduction. Only $F_1$, $F_3$, and $F_4$ are stored in registers. $F_3$ and $F_4$ are computed using
the flow diagram of Fig. 9.



C. Overall Control Program 

Using the subroutines described above, the overall control flowchart is shown in Fig. 10. This consists
of three separate functions of exponentiation, multiplication, and addition followed by a common part that
first reduces the answer in the $C_1$ and $C_2$ registers into a single n-bit form in $C_1$ and then completes the final
mod p reduction.

It will be apparent to those skilled in the art that various modifications can be made to the Galois field
processor chip of the instant invention without departing from the scope of the invention, and it is intended
that the present invention cover modifications and variations of the Galois field processor chip provided they
come within the scope of the appended claims and their equivalents. Further, it is intended that the present
invention cover present and new applications of the Galois field processor, including smart cards, public key
management for encryption, and message authentication.



Claims

1. An apparatus for computing multiplication in the ring of integers modulo an integer number, p,
comprising:

an X register having L-bits for storing an n-bit integer X;
a Y register having L-bits for storing an n-bit integer Y;
first and second A registers for storing L-bits each;
means for transforming the n-bit integer X from X register into first and second alternate integers
having L-bits each and storing first and second alternate integers in said first and second registers A;
control means connected to said first and second A registers for generating a control signal;
first and second B registers for storing L-bits each;
first and second C registers for storing L-bits each;
a full adder coupled to said first and second B registers, said first and second C registers, and said
control logic, and responsive to the control signal being a 1-bit for shifting left and adding data stored in
said first and second B registers to data stored in said first and second C registers, respectively, and
responsive to the control signal being a 0-bit for shifting left data in said first and second B registers;
a feedback register having L-bits for storing an n-bit feedback number;
means for generating a feedback number from the integer number, p, having n-bits and storing the
feedback number in the feedback register;
modulo means coupled to said feedback register and said first and second C register for reducing data
bits stored in said first and second C registers modulo the integer number p; and
means for converting data bits in said first and second C registers to an L-bit integer and storing the
L-bit integer in said Y register.

2. An apparatus for computing addition in the ring of integers modulo an integer number, p, comprising:

an X register having L-bits for storing an n-bit integer X;
a Y register having L-bits for storing an n-bit integer Y;
first and second A registers for storing L-bits each;
means for transforming the n-bit integer X from X register into first and second alternate integers
having L-bits each and storing first and second alternate integers in said first and second registers A;
control means connected to said first and second A registers for generating a control signal;
first and second B registers for storing L-bits each;
first and second C registers for storing L-bits each;
a full adder coupled to said first and second B registers, said first and second C registers, and said
control logic, and responsive to the control signal being a 1-bit for adding data stored in said first and
second B registers to data stored in said first and second C registers, respectively; and

means for converting data bits in said first and second C registers to an L-bit integer and storing the
L-bit integer in said Y register.

3. Apparatus according to claim 2, further comprising:

a feedback register having L-bits for storing an n-bit feedback number;
means for generating a feedback number from the integer number, p, having n-bits and storing the
feedback number in the feedback register; and

modulo means coupled to said feedback register and said first and second C register for reducing data
bits stored in said first and second C registers modulo the integer number p.

4. Apparatus according to claim 1, further comprising:

means for computing exponentiation in the ring of integers modulo an integer number p from a series
of multiplications modulo p according to

$$X^Z = X^{Z[0]}\{X^{Z[1]}\{X^{Z[2]} \cdots \{X^{Z[n-1]}\}^2 \cdots\}^2\}^2$$

5. Apparatus according to any one of claims 1 to 3, further comprising:

an overflow counter coupled to full adder for counting overflows, I, from said full counter, and

wherein said full adder adds $I2^n$ to said first and second C registers by replacing $2^n$ by the feedback
number $F_1$ and adding $IF_1$ to the accumulator registers.

6. A modulo arithmetic processor chip for adding a first integer A having n-bits to a second integer B
having n-bits, wherein the first integer A plus the second integer B equals a third integer C having n-bits,
modulo a fourth integer p having n-bits, and wherein the first integer A is represented by the binary
numbers $\{A[i]\}$ in the form $A = A[n-1]2^{n-1} + A[n-2]2^{n-2} + A[n-3]2^{n-3} + \dots + A[1]2 + A[0]$, the second
integer B is represented by the binary numbers $\{B[i]\}$ in the form $B = B[n-1]2^{n-1} + B[n-2]2^{n-2} + B[n-3]2^{n-3} + \dots + B[1]2 + B[0]$,
the third integer C is represented by the binary numbers $\{C[i]\}$ in the form $C = C[n-1]2^{n-1} + C[n-2]2^{n-2} + C[n-3]2^{n-3} + \dots + C[1]2 + C[0]$, and the fourth integer p is represented by the binary numbers $\{P[i]\}$ in the
form $p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + P[n-3]2^{n-3} + \dots + P[1]2 + P[0]$, whereby $C = (A + B) \bmod p$, comprising:

first register means for storing the first integer A;

second register means for storing the second integer B;

feedback means for generating and storing a feedback number F, wherein the feedback number F is
the two's complement of the fourth integer p and thereby $F = 2^n - p$;

arithmetic means coupled to said first register means and said second register means, for generating
the third integer C from adding the first integer A to the second integer B;

accumulator means coupled to said arithmetic means for storing the third integer C;
overflow means coupled to said accumulator means for storing an overflow integer;
means coupled to said overflow means and said second register means and responsive to the overflow
integer, for fetching the feedback number F into said second register B and adding the feedback number F
using arithmetic means to the third integer C in said accumulator means; and

means coupled to the accumulator means and responsive to the third integer C being greater than the
fourth integer p, for reducing the third integer C modulo the fourth integer p.

7. A modulo arithmetic processor chip according to claim 6 wherein said arithmetic means includes a
plurality of full adders coupled to said first register means and said second register means, for adding the
first integer A to the second integer B.

8. A modulo arithmetic processor chip according to claim 6 wherein said arithmetic means includes a
plurality of half adders coupled to said first register means and said second register means, for adding the
first integer A to the second integer B.

9. A modulo arithmetic processor chip for adding a first integer A having n-bits to a second integer B
having n-bits, wherein the first integer A plus the second integer B equals a third integer C having n-bits,
modulo a fourth integer p having n-bits, and wherein base bits of the first integer A are represented by the
binary numbers $\{A_1[i]\}$ in the form $A_1 = A_1[n-1]2^{n-1} + A_1[n-2]2^{n-2} + A_1[n-3]2^{n-3} + \dots + A_1[1]2 + A_1[0]$, carry
bits of the first integer A are represented by the binary numbers $\{A_2[i]\}$ in the form $A_2 = A_2[n-1]2^{n-1} + A_2[n-2]2^{n-2} + A_2[n-3]2^{n-3} + \dots + A_2[1]2 + A_2[0]$, base bits of the second integer B are represented by the binary
numbers $\{B_1[i]\}$ in the form $B_1 = B_1[n-1]2^{n-1} + B_1[n-2]2^{n-2} + B_1[n-3]2^{n-3} + \dots + B_1[1]2 + B_1[0]$, carry bits of
the second integer B are represented by the binary numbers $\{B_2[i]\}$ in the form $B_2 = B_2[n-1]2^{n-1} + B_2[n-2]2^{n-2} + B_2[n-3]2^{n-3} + \dots + B_2[1]2 + B_2[0]$, base bits of the third integer C are represented by the binary
numbers $\{C_1[i]\}$ in the form $C_1 = C_1[n-1]2^{n-1} + C_1[n-2]2^{n-2} + C_1[n-3]2^{n-3} + \dots + C_1[n-2]2 + C_1[0]$, carry bits
of the third integer C are represented by the binary numbers $\{C_2[i]\}$ in the form $C_2 = C_2[n-1]2^{n-1} + C_2[n-2]2^{n-2} + C_2[n-3]2^{n-3} + \dots + C_2[n-2]2 + C_2[0]$, and the fourth integer p is represented by the binary numbers
$\{P[i]\}$ in the form $p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + P[n-3]2^{n-3} + \dots + P[1]2 + P[0]$, whereby $C = (A + B) \bmod p$,
comprising:

first-base-register means for storing the base bits of the first integer A;
first-carry-register means for storing the carry bits of the first integer A;
second-base-register means for storing the base bits of the second integer B;
second-carry-register means for storing the carry bits of the second integer B;

feedback means for generating a first feedback number $F_1$, a second feedback number $F_2$, a third
feedback number $F_3$, and a fourth feedback number $F_4$, wherein the first feedback number $F_1$ is the two's
complement of the fourth integer p and thereby $F_1 = 2^n - p$, the second feedback number $F_2$ equals two
times the first feedback number $F_1$ and thereby $F_2 = 2F_1 \bmod p$, the third feedback number $F_3$ equals three
times the first feedback number $F_1$ and thereby $F_3 = 3F_1 \bmod p$, and the fourth feedback number $F_4$ equals
four times the first feedback number $F_1$ and thereby $F_4 = 4F_1 \bmod p$;

arithmetic means having a plurality of full adders, coupled to said first-base-register means, said
first-carry-register means, said second-base-register means, and said second-carry-register means, for
simultaneously adding with said plurality of full adders the base bits and carry bits of the first integer A to the
respective base bits of the second integer B to generate a first sum having base bits and carry bits, and
subsequently adding with said plurality of full adders the base bits and carry bits of the first sum to the
respective carry bits of the second integer B to generate the base bits and the carry bits of the third integer
C, respectively;

accumulator-base means coupled to said arithmetic means for storing the base bits of the third integer C;

accumulator-carry means coupled to said arithmetic means for storing the carry bits of the third integer C;

overflow means coupled to said accumulator base means and said accumulator carry means for
counting and storing overflow bits as an overflow integer I;

means coupled to said overflow means, said second-base-register means, and said feedback means,
and responsive to the overflow integer I = 1, 2, 3, or 4, for fetching the feedback number $F_1$, $F_2$, $F_3$, or $F_4$,
respectively, from said feedback means into said second-base-register means and adding the feedback
number $F_1$, $F_2$, $F_3$, or $F_4$, respectively, using arithmetic means to the third integer C in said accumulator-base
means and said accumulator-carry means; and

means coupled to the accumulator-base means and responsive to the third integer C being greater
than the fourth integer p, for reducing the third integer C modulo the fourth integer p.

10. A modulo arithmetic processor chip for adding a first integer A having n-bits to a second integer B
having n-bits, wherein the first integer A plus the second integer B equals a third integer C having n-bits,
modulo a fourth integer p having n-bits, and wherein base bits of the first integer A are represented by the
binary numbers $\{A_1[i]\}$ in the form $A_1 = A_1[n-1]2^{n-1} + A_1[n-2]2^{n-2} + A_1[n-3]2^{n-3} + \dots + A_1[1]2 + A_1[0]$, carry
bits of the first integer A are represented by the binary numbers $\{A_2[i]\}$ in the form $A_2 = A_2[n-1]2^{n-1} + A_2[n-2]2^{n-2} + A_2[n-3]2^{n-3} + \dots + A_2[1]2 + A_2[0]$, base bits of the second integer B are represented by the binary
numbers $\{B_1[i]\}$ in the form $B_1 = B_1[n-1]2^{n-1} + B_1[n-2]2^{n-2} + B_1[n-3]2^{n-3} + \dots + B_1[1]2 + B_1[0]$, carry bits
of the second integer B are represented by the binary numbers $\{B_2[i]\}$ in the form $B_2 = B_2[n-1]2^{n-1} + B_2[n-2]2^{n-2} + B_2[n-3]2^{n-3} + \dots + B_2[1]2 + B_2[0]$, base bits of the third integer C are represented by the binary
numbers $\{C_1[i]\}$ in the form $C_1 = C_1[n-1]2^{n-1} + C_1[n-2]2^{n-2} + C_1[n-3]2^{n-3} + \dots + C_1[n-2]2 + C_1[0]$, carry bits
of the third integer C are represented by the binary numbers $\{C_2[i]\}$ in the form $C_2 = C_2[n-1]2^{n-1} + C_2[n-2]2^{n-2} + C_2[n-3]2^{n-3} + \dots + C_2[n-2]2 + C_2[0]$, and the fourth integer p is represented by the binary numbers
$\{P[i]\}$ in the form $p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + P[n-3]2^{n-3} + \dots + P[1]2 + P[0]$, whereby $C = (A + B) \bmod p$,
comprising:

first-base-register means for storing the base bits of the first integer A;
first-carry-register means for storing the carry bits of the first integer A;
second-base-register means for storing the base bits of the second integer B;
second-carry-register means for storing the carry bits of the second integer B;
feedback means for generating a feedback number F, wherein the feedback number F is the two's
complement of the fourth integer p and thereby $F = 2^n - p$;

arithmetic means coupled to said first-base-register means, said first-carry-register means, said
second-base-register means, and said second-carry-register means, for simultaneously adding the base bits
and carry bits of the first integer A to the respective base bits of the second integer B to generate a first
sum having base bits and carry bits, and subsequently adding the base bits and carry bits of the first sum
to the respective carry bits of the second integer B to generate the base bits and carry bits of the third
integer C, respectively;

accumulator-base means coupled to said arithmetic means for storing the base bits of the third integer C;

accumulator-carry means coupled to said arithmetic means for storing the carry bits of the third integer C;

overflow means coupled to said accumulator base means and said accumulator carry means for
counting and storing overflow bits as an overflow integer I;

means coupled to said overflow means, said second-base-register means, and said feedback means,
and responsive to the overflow integer, for fetching the feedback number F from said feedback means and
adding the feedback number F to the third integer C; and

means coupled to said accumulator-base means and responsive to the third integer C being greater
than the fourth integer p, for reducing the third integer C modulo the fourth integer p.

11. A modulo arithmetic processor chip according to claim 10 wherein said arithmetic means includes a
plurality of full adders coupled to said first-base-register means, said first-carry-register means, said
second-base register means and said second-carry-register means, for simultaneously adding the base bits
and carry bits of the first integer A to the respective base bits of the second integer B to generate a first
sum having base bits and carry bits, and storing the base bits and carry bits of the first sum in said base
accumulator means and said carry accumulator means, respectively.

12. A modulo arithmetic processor chip according to claim 11 further including multiplex means coupled
to said plurality of full adders, said first-base-register means, said first-carry-register means, said
second-base-register means, said second-register means, said base-accumulator means, and said
carry-accumulator means, for switching said plurality of full adders for simultaneously adding the base bits and carry bits of
the first sum in said base-accumulator means and said carry accumulator means to the carry bits of the
second integer B to generate the third integer C, and storing the base bits and carry bits of the third integer
C in said base-accumulator means and said carry accumulator means, respectively.

13. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits, wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, wherein the first integer A is represented by the
binary numbers $\{A[i]\}$ in the form $A = A[n-1]2^{n-1} + A[n-2]2^{n-2} + A[n-3]2^{n-3} + \dots + A[1]2 + A[0]$, the
second integer B is represented by the binary numbers $\{B[i]\}$ in the form $B = B[n-1]2^{n-1} + B[n-2]2^{n-2} + B[n-3]2^{n-3} + \dots + B[1]2 + B[0]$,
the third integer C is represented by the binary numbers $\{C[i]\}$ in the form $C = C[n-1]2^{n-1} + C[n-2]2^{n-2} + C[n-3]2^{n-3} + \dots + C[1]2 + C[0]$, and the fourth integer p is represented by the binary numbers $\{P[i]\}$ in the
form $p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + P[n-3]2^{n-3} + \dots + P[1]2 + P[0]$, whereby $C = AB \bmod p$, comprising:

first register means for storing the first integer A;
second register means for storing the second integer B;
feedback means for generating a feedback number F, wherein the feedback number F is the two's
complement of the fourth integer p and thereby $F = 2^n - p$;

first-partial-reduction means coupled to said second register means and responsive to the most
significant position of the second integer B shifted left from said second register means for adding the
feedback number F to the second integer B, thereby partially reducing the second integer B;

arithmetic means coupled to said first register means, and said second register means, and responsive
to the least significant position of the first integer A shifted right from said first register means, for adding
the second integer B to the third integer C;

accumulator means coupled to said arithmetic means for storing the third integer C;
overflow means coupled to said accumulator means for counting and storing overflow bits as an
overflow integer I;

second-partial-reduction means coupled to said first register means, said second register means, said
overflow means and said arithmetic means, and responsive to the completion of multiplying the first integer
A by the second integer B, for transferring the overflow integer I into said first register means, transferring
the feedback number F into said second register means, and multiplying feedback number F by the
overflow integer I to generate a product, and adding the product to the third integer C in said accumulator
means; and

means coupled to said accumulator means and responsive to the third integer C being greater than the
fourth integer p, for reducing the third integer C modulo the fourth integer p.
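
Claims 6 and 13 add and multiply modulo p without a divider: every carry out of the n-bit accumulator stands for $2^n$, which is congruent to the feedback number $F = 2^n - p$. The Python model below is an added example, not code from the patent; it works on plain integers rather than the base/carry register pairs of claims 9 onward, its function names and test moduli are assumptions, and its exponentiation follows the square-and-multiply series of claim 4.

```python
"""Software model of feedback-number arithmetic on n-bit registers (added example)."""


def feedback_number(p: int, n: int) -> int:
    """F = 2^n - p, the two's complement of the n-bit modulus p."""
    if not (1 << (n - 1)) <= p < (1 << n):
        raise ValueError("p must be exactly n bits wide")
    return (1 << n) - p


def _check_operand(x: int, n: int) -> None:
    if not 0 <= x < (1 << n):
        raise ValueError("operand does not fit in an n-bit register")


def mod_add(a: int, b: int, p: int, n: int) -> int:
    """C = (A + B) mod p in the manner of claim 6."""
    _check_operand(a, n)
    _check_operand(b, n)
    mask, f = (1 << n) - 1, feedback_number(p, n)
    c = a + b
    while c >> n:               # overflow bit set: drop 2^n ...
        c = (c & mask) + f      # ... and add F, since 2^n = F (mod p)
    while c >= p:               # final reduction of the n-bit result
        c -= p
    return c


def _shift_add_pass(a: int, b: int, c: int, f: int, n: int):
    """Accumulate a*b into the n-bit accumulator c.

    Returns (c, overflow_count). b is shifted left once per bit of a and is
    partially reduced by adding F whenever a bit leaves the register.
    """
    mask = (1 << n) - 1
    overflow = 0
    while a:
        if a & 1:               # least significant bit of A shifted right
            c += b
            overflow += c >> n  # count the carry instead of keeping it
            c &= mask
        a >>= 1
        b <<= 1
        while b >> n:           # first partial reduction of B
            b = (b & mask) + f
    return c, overflow


def mod_mul(a: int, b: int, p: int, n: int) -> int:
    """C = A*B mod p in the manner of claim 13."""
    _check_operand(a, n)
    _check_operand(b, n)
    f = feedback_number(p, n)
    c, i = _shift_add_pass(a, b, 0, f, n)
    while i:                    # second partial reduction: C += I*F
        c, i = _shift_add_pass(i, f, c, f, n)
    while c >= p:               # final reduction
        c -= p
    return c


def mod_exp(x: int, z: int, p: int, n: int) -> int:
    """X^Z mod p as a series of squarings and multiplications (claim 4)."""
    _check_operand(x, n)
    y = 1
    for k in reversed(range(z.bit_length())):
        y = mod_mul(y, y, p, n)          # square for every exponent bit
        if (z >> k) & 1:
            y = mod_mul(y, x, p, n)      # multiply when the bit is 1
    return y


if __name__ == "__main__":
    # Constructed sample values: p = 251 is an 8-bit prime, so F = 5.
    print(feedback_number(251, 8), mod_add(250, 250, 251, 8),
          mod_mul(200, 199, 251, 8), mod_exp(7, 1000, 251, 8))
```

Operands must fit in n bits but need not be below p, which is why the final comparison uses "greater than or equal" where the claim wording says "greater than".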

14. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits, wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, wherein the first integer A is represented by the
binary numbers $\{A[i]\}$ in the form $A = A[n-1]2^{n-1} + A[n-2]2^{n-2} + A[n-3]2^{n-3} + \dots + A[1]2 + A[0]$, second
integer B is represented by the binary numbers $\{B[i]\}$ in the form $B = B[n-1]2^{n-1} + B[n-2]2^{n-2} + B[n-3]2^{n-3} + \dots + B[1]2 + B[0]$, the third integer C is represented by the binary numbers $\{C[i]\}$ in the form $C = C[n-1]2^{n-1} + C[n-2]2^{n-2} + C[n-3]2^{n-3} + \dots + C[1]2 + C[0]$, and the fourth integer p is represented by the binary
numbers $\{P[i]\}$ in the form $p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + P[n-3]2^{n-3} + \dots + P[1]2 + P[0]$, whereby
$C = AB \bmod p$, comprising:

first register means for storing the first integer A;
second register means for storing the second integer B;
feedback means for generating a feedback number F, wherein the feedback number F is the two's
complement of the fourth integer p and thereby $F = 2^n - p$;

arithmetic means coupled to said first register means and said second register means, and responsive
to the least significant position of the first integer A shifted right from said first register means, for adding
the second integer B to the third integer C;

accumulator means coupled to said arithmetic means for storing the third integer C;
overflow means coupled to said accumulator means for counting and storing overflow bits as an
overflow integer I;

second-partial-reduction means coupled to said overflow means, said feedback means, said
first-register means and said second-register means, and responsive to the completion of multiplying the first
integer A by the second integer B, for transferring the overflow integer I into said first register means,
transferring the feedback number F into said second register means, and multiplying feedback number F by
the overflow integer I to generate a product, and adding the product to the third integer C in said
accumulator means; and

means coupled to said accumulator means and responsive to the third integer C being greater than
fourth integer p, for reducing the third integer C modulo the fourth integer p.

15. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, wherein the first integer A is represented by the
binary numbers $\{A[i]\}$ in the form $A = A[n-1]2^{n-1} + A[n-2]2^{n-2} + A[n-3]2^{n-3} + \dots + A[1]2 + A[0]$, second
integer B is represented by the binary numbers $\{B[i]\}$ in the form $B = B[n-1]2^{n-1} + B[n-2]2^{n-2} + B[n-3]2^{n-3} + \dots + B[1]2 + B[0]$, the third integer C is represented by the binary numbers $\{C[i]\}$ in the form $C = C[n-1]2^{n-1} + C[n-2]2^{n-2} + C[n-3]2^{n-3} + \dots + C[1]2 + C[0]$, and the fourth integer p is represented by the binary
numbers $\{P[i]\}$ in the form $p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + P[n-3]2^{n-3} + \dots + P[1]2 + P[0]$, whereby
$C = AB \bmod p$, comprising:

first-register means for storing the first integer A;
second-register means for storing the second integer B;

feedback means for generating and storing a feedback number F, wherein the feedback number F is
the two's complement of the fourth integer p and thereby $F = 2^n - p$;
first-partial-reduction means coupled to said second register means and responsive to the most
significant position of the second integer B shifted left from said second register means, for adding the
feedback number F to the second integer B, thereby partially reducing the second integer B;

arithmetic means coupled to said first register means, and said second register means, and responsive
to the least significant position of the first integer A shifted right from said first register means, for adding
the second integer B to the third integer C;

accumulator means coupled to said arithmetic means for storing the third integer C; and
means coupled to said accumulator means and responsive to the third integer C being greater than
fourth integer p, for reducing the third integer C modulo the fourth integer p.

16. A modulo arithmetic processor chip according to claim 14 or claim 15 wherein said arithmetic
means includes a plurality of full adders coupled to said second register means, for simultaneously adding
the second integer B to the third integer C.

17. A modulo arithmetic processor chip according to claim 14 or claim 15 wherein said arithmetic
means includes a plurality of half adders coupled to said second register means, for simultaneously adding
the second integer B to the third integer C.

18. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits, wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, and wherein the base bits of the first integer A are
represented by the binary numbers $\{A_1[i]\}$ in the form $A_1 = A_1[n-1]2^{n-1} + A_1[n-2]2^{n-2} + A_1[n-3]2^{n-3} + \dots + A_1[1]2 + A_1[0]$, the carry bits of the first integer A are represented by the binary numbers $\{A_2[i]\}$ in the form
$A_2 = A_2[n-1]2^{n-1} + A_2[n-2]2^{n-2} + A_2[n-3]2^{n-3} + \dots + A_2[1]2 + A_2[0]$, the base bits of the second integer B
are represented by the binary number $\{B_1[i]\}$ in the form $B_1 = B_1[n-1]2^{n-1} + B_1[n-2]2^{n-2} + B_1[n-3]2^{n-3} + \dots + B_1[1]2 + B_1[0]$, the carry bits of the second integer B are represented by the binary numbers $\{B_2[i]\}$ in
the form $B_2 = B_2[n-1]2^{n-1} + B_2[n-2]2^{n-2} + B_2[n-3]2^{n-3} + \dots + B_2[1]2 + B_2[0]$, the base bits of the third
integer C are represented by the binary numbers $\{C_1[i]\}$ in the form $C_1 = C_1[n-1]2^{n-1} + C_1[n-2]2^{n-2} + C_1[n-3]2^{n-3} + \dots + C_1[n-2]2 + C_1[0]$, the carry bits of the third integer C are represented by the binary numbers
$\{C_2[i]\}$ in the form $C_2 = C_2[n-1]2^{n-1} + C_2[n-2]2^{n-2} + C_2[n-3]2^{n-3} + \dots + C_2[n-2]2 + C_2[0]$, and the fourth
integer p is represented by the binary numbers $\{P[i]\}$ in the form $p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + P[n-3]2^{n-3} + \dots + P[1]2 + P[0]$, whereby $C = AB \bmod p$, comprising:

first-base-register means for storing the base bits of the first integer A;

first-carry-register means for storing the carry bits of the first integer A;

second-base-register means for storing the base bits of the second integer B;
second-carry-register means for storing the carry bits of the second integer B;
feedback means for generating a first feedback number $F_1$, a second feedback number $F_2$, a third
feedback number $F_3$, and a fourth feedback number $F_4$, wherein the first feedback number $F_1$ is the two's
complement of fourth integer p and thereby $F_1 = 2^n - p$, the second feedback number $F_2$ equals two times
first feedback number $F_1$ and thereby $F_2 = 2F_1 \bmod p$, the third feedback number $F_3$ equals three times first
feedback number $F_1$ and thereby $F_3 = 3F_1 \bmod p$, the fourth feedback number $F_4$ equals four times first
feedback number $F_1$ and thereby $F_4 = 4F_1 \bmod p$;

first-partial-reduction means coupled to said second-base-register means, to said second-carry-register
means and to said feedback means and responsive to the most significant base bits and carry bits of the
second integer B shifted left from said second-base-register means and said second-carry-register means,
for adding first, second, third or fourth feedback number according to a preselected choice of the shifted-left
base bits and carry bits of the second integer B, to the second integer B, thereby partially reducing the
second integer B;

arithmetic means having a plurality of full adders, coupled to said first-base-register means, said
first-carry-register means, said second-base-register means, and said second-carry-register means, and
responsive to the least significant position of the first integer A shifted right from said first register means, for
simultaneously adding with said plurality of full adders the base bits and carry bits of the second integer B
to the respective base bits of the third integer C to generate a first sum having base bits and carry bits, and
subsequently adding with said plurality of full adders the base bits and carry bits of the first sum to the
respective carry bits of the third integer C;

accumulator-base means coupled to said arithmetic means for storing the base bits of the third integer C;

accumulator-carry means coupled to said arithmetic means for storing the carry bits of the third integer C;

overflow means coupled to said accumulator means for storing an overflow integer I;
second-partial-reduction means coupled to said overflow means, said feedback means, said
first-base-register means and said second-base-register means, and responsive to the overflow integer I = 1, 2, 3, or
4, respectively, for fetching the first, second, third, or fourth feedback number, respectively, from said
feedback means into said second-base-register means and adding the first, second, third, or fourth
feedback number, respectively, using arithmetic means to the third integer C in said accumulator-base
means and said accumulator-carry means; and
means coupled to said accumulator-base-means and responsive to the third integer C being greater
than the fourth integer p, for reducing the third integer C modulo the fourth integer p.

19. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits, wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, whereby $C = AB \bmod p$, comprising:

first-base-register means for storing the base bits of the first integer A;
first-carry-register means for storing the carry bits of the first integer A;
second-base-register means for storing the base bits of the second integer B;
second-carry-register means for storing the carry bits of the second integer B;
feedback means for generating a first feedback number $F_1$, a second feedback number $F_2$, a third
feedback number $F_3$, and a fourth feedback number $F_4$, wherein the first feedback number $F_1$ is the two's
complement of fourth integer p and thereby $F_1 = 2^n - p$, the second feedback number $F_2$ equals two times
first feedback number $F_1$ and thereby $F_2 = 2F_1 \bmod p$, the third feedback number $F_3$ equals three times first
feedback number $F_1$ and thereby $F_3 = 3F_1 \bmod p$, the fourth feedback number $F_4$ equals four times first
feedback number $F_1$ and thereby $F_4 = 4F_1 \bmod p$;
arithmetic means coupled to said first-base-register means, said first-carry-register means, said
second-base-register means, and said second-carry-register means, and responsive to the least significant
position of the first integer A shifted right from said first register means, for adding the base bits and carry
bits of the second integer B to the respective base bits of the third integer C to generate a first sum having
base bits and carry bits, and subsequently adding the base bits and carry bits of the first sum to the
respective carry bits of the third integer C;

accumulator-base means coupled to said arithmetic means for storing the base bits of the third integer C;

accumulator-carry means coupled to said arithmetic means for storing the carry bits of the third integer C;

overflow means coupled to said accumulator means for storing an overflow integer I;

second-partial-reduction means coupled to said overflow means, said feedback means, said
first-base-register means and said second-base-register means, and responsive to the overflow integer I = 1, 2, 3, or
4, for fetching the first, second, third, or fourth feedback number, respectively, from said feedback means
into said second-base-register means and adding the first, second, third, or fourth feedback number,
respectively, using arithmetic means to the third integer C in said accumulator-base means and said
accumulator-carry means; and

means coupled to said accumulator-base means and responsive to the third integer C being greater
than the fourth integer p, for reducing the third integer C modulo the fourth integer p.

20. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits, wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, whereby $C = AB \bmod p$, comprising:

first-base-register means for storing the base bits of the first integer A;
first-carry-register means for storing the carry bits of the first integer A;
second-base-register means for storing the base bits of the second integer B;
second-carry-register means for storing the carry bits of the second integer B;

feedback means for generating a first feedback number $F_1$, a second feedback number $F_2$, a third
feedback number $F_3$, and a fourth feedback number $F_4$, wherein the first feedback number $F_1$ is the two's
complement of fourth integer p and thereby $F_1 = 2^n - p$, the second feedback number $F_2$ equals two times
first feedback number $F_1$ and thereby $F_2 = 2F_1 \bmod p$, the third feedback number $F_3$ equals three times first
feedback number $F_1$ and thereby $F_3 = 3F_1 \bmod p$, the fourth feedback number $F_4$ equals four times first
feedback number $F_1$ and thereby $F_4 = 4F_1 \bmod p$;

first-partial-reduction means coupled to said second-base-register means, to said second-carry-register
means and to said feedback means and responsive to the most significant base bits and carry bits of the
second integer B shifted left from said second-base-register means and said second-carry-register means
for adding first, second, third or fourth feedback number according to a preselected choice of the shifted-left
base bits and carry bits of the second integer B, to the second integer B, thereby partially reducing the
second integer B;

arithmetic means coupled to said first-base-register means, said first-carry-register means, said
second-base-register means, and said second-carry-register means, and responsive to the least significant
position of the first integer A shifted right from said first register means, for adding the base bits and carry
bits of the second integer B to the respective base bits of the third integer C to generate a first sum having
base bits and carry bits, and subsequently adding the base bits and carry bits of the first sum to the
respective carry bits of the third integer C;

accumulator-base means coupled to said accumulator means for storing the base bits of the third
integer C;

accumulator-carry means coupled to said accumulator means for storing the carry bits of the third
integer C;

overflow means coupled to said accumulator means for storing an overflow integer I;

means coupled to said accumulator-base means and responsive to the third integer C being greater
than the fourth integer p, for reducing the third integer C modulo the fourth integer p.

21. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits, wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, whereby $C = A \cdot B \bmod p$, comprising:
first-base-register means for storing the base bits of the first integer A;
first-carry-register means for storing the carry bits of the first integer A;
second-base-register means for storing the base bits of the second integer B;
second-carry-register means for storing the carry bits of the second integer B;
feedback means for generating a first feedback number $F_1$, wherein the first feedback number $F_1$ is the
two's complement of fourth integer p and thereby $F_1 = 2^n - p$;

arithmetic means coupled to said first-base-register means, said first-carry-register means, said
second-base-register means and said second-carry-register means, and responsive to the least significant
position of the first integer A shifted right from said first register means, for adding the base bits and carry
bits of the second integer B to the respective base bits of the third integer C to generate a first sum having
base bits and carry bits, and subsequently adding the base bits and carry bits of the first sum to the
respective carry bits of the third integer C;

accumulator-base means coupled to said arithmetic means for storing the base bits of the third integer
C;

accumulator-carry means coupled to said arithmetic means for storing the carry bits of the third integer
C;

overflow means coupled to said accumulator means for storing an overflow integer I; and
means coupled to said accumulator-base means and responsive to the third integer C being greater than
the fourth integer p, for reducing the third integer C modulo the fourth integer p.

22. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits, wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, and wherein the base bits of the first integer A are
represented by the binary numbers $\{A_b[i]\}$ in the form $A_b = A_b[n-1]2^{n-1} + A_b[n-2]2^{n-2} + A_b[n-3]2^{n-3} + \dots + A_b[1]2 + A_b[0]$,
the carry bits of the first integer A are represented by the binary numbers $\{A_c[i]\}$ in the form
$A_c = A_c[n-1]2^{n-1} + A_c[n-2]2^{n-2} + A_c[n-3]2^{n-3} + \dots + A_c[1]2 + A_c[0]$, the base bits of the second integer B
are represented by the binary numbers $\{B_b[i]\}$ in the form $B_b = B_b[n-1]2^{n-1} + B_b[n-2]2^{n-2} + B_b[n-3]2^{n-3} + \dots + B_b[1]2 + B_b[0]$,
the carry bits of the second integer B are represented by the binary numbers $\{B_c[i]\}$ in
the form $B_c = B_c[n-1]2^{n-1} + B_c[n-2]2^{n-2} + B_c[n-3]2^{n-3} + \dots + B_c[1]2 + B_c[0]$, the base bits of the third
integer C are represented by the binary numbers $\{C_b[i]\}$ in the form $C_b = C_b[n-1]2^{n-1} + C_b[n-2]2^{n-2} + C_b[n-3]2^{n-3} + \dots + C_b[1]2 + C_b[0]$,
the carry bits of the third integer C are represented by the binary numbers
$\{C_c[i]\}$ in the form $C_c = C_c[n-1]2^{n-1} + C_c[n-2]2^{n-2} + C_c[n-3]2^{n-3} + \dots + C_c[1]2 + C_c[0]$, and the fourth
integer p is represented by the binary numbers $\{P[i]\}$ in the form $p = P[n-1]2^{n-1} + P[n-2]2^{n-2} + P[n-3]2^{n-3} + \dots + P[1]2 + P[0]$,
whereby $C = A \cdot B \bmod p$, comprising:

first-base-register means for storing the base bits of the first integer A;
first-carry-register means for storing the carry bits of the first integer A;
second-base-register means for storing the base bits of the second integer B;
second-carry-register means for storing the carry bits of the second integer B;
feedback means for generating a first feedback number $F_1$, a second feedback number $F_2$, a third
feedback number $F_3$, and a fourth feedback number $F_4$, wherein the first feedback number $F_1$ is the two's
complement of fourth integer p and thereby $F_1 = 2^n - p$, the second feedback number $F_2$ equals two times
first feedback number $F_1$ and thereby $F_2 = 2F_1 \bmod p$, the third feedback number $F_3$ equals three times first
feedback number $F_1$ and thereby $F_3 = 3F_1 \bmod p$, the fourth feedback number $F_4$ equals four times first
feedback number $F_1$ and thereby $F_4 = 4F_1 \bmod p$;

first-partial-reduction means coupled to said second-base-register means, to said second-carry-register
means and to said feedback means and responsive to the most significant base bits and carry bits of the
second integer B shifted left from said second-base-register means and said second-carry-register means,
for adding first, second, third or fourth feedback number according to a preselected choice of the shifted-left
base bits and carry bits of the second integer B, to the second integer B, thereby partially reducing the
second integer B;

arithmetic means having a plurality of full adders, coupled to said first-base-register means, said
first-carry-register means, said second-base-register means, and said second-carry-register means, and
responsive to the least significant position of the first integer A shifted right from said first register means, for
simultaneously adding with said plurality of full adders the base bits and carry bits of the second integer B
to the respective base bits of the third integer C to generate a first sum having base bits and carry bits, and
subsequently adding with said plurality of full adders the base bits and carry bits of the first sum to the
respective carry bits of the third integer C;

accumulator-base means coupled to said arithmetic means for storing the base bits of the third integer
C;

accumulator-carry means coupled to said arithmetic means for storing the carry bits of the third integer
C;

overflow means coupled to said accumulator means for storing an overflow integer I;
second-partial-reduction means coupled to said overflow means, said feedback means, said first-base-register
means and said second-base-register means, and responsive to the completion of multiplying the
first integer A by the second integer B, for transferring the overflow integer I into said first register means,
transferring the first feedback number $F_1$ into said second register means, and multiplying the first feedback
number $F_1$ by the overflow integer I to generate a product, and adding the product to the third integer C in
said accumulator-base means and said accumulator-carry means; and
means coupled to said accumulator-base means and responsive to the third integer C being greater
than the fourth integer p, for reducing the third integer C modulo the fourth integer p.

23. A modulo arithmetic processor chip for multiplying a first integer A having n-bits by a second
integer B having n-bits, wherein the first integer A times the second integer B equals a third integer C
having n-bits, modulo a fourth integer p having n-bits, whereby $C = A \cdot B \bmod p$, comprising:
first-base-register means for storing the base bits of the first integer A;
first-carry-register means for storing the carry bits of the first integer A;
second-base-register means for storing the base bits of the second integer B;
second-carry-register means for storing the carry bits of the second integer B;
feedback means for generating a first feedback number $F_1$, a second feedback number $F_2$, a third
feedback number $F_3$, and a fourth feedback number $F_4$, wherein the first feedback number $F_1$ is the two's
complement of fourth integer p and thereby $F_1 = 2^n - p$, the second feedback number $F_2$ equals two times
first feedback number $F_1$ and thereby $F_2 = 2F_1 \bmod p$, the third feedback number $F_3$ equals three times first
feedback number $F_1$ and thereby $F_3 = 3F_1 \bmod p$, the fourth feedback number $F_4$ equals four times first
feedback number $F_1$ and thereby $F_4 = 4F_1 \bmod p$;
arithmetic means coupled to said first-base-register means, said first-carry-register means, said
second-base-register means, and said second-carry-register means, and responsive to the least significant
position of the first integer A shifted right from said first register means, for adding the base bits and carry
bits of the second integer B to the respective base bits of the third integer C to generate a first sum having
base bits and carry bits, and subsequently adding the base bits and carry bits of the first sum to the
respective carry bits of the third integer C;

accumulator-base means coupled to said arithmetic means for storing the base bits of the third integer
C;

accumulator-carry means coupled to said arithmetic means for storing the carry bits of the third integer
C;

overflow means coupled to said accumulator means for storing an overflow integer I;

second-partial-reduction means coupled to said overflow means, said feedback means, said first-base-register
means and said second-base-register means, and responsive to the completion of multiplying the
first integer A by the second integer B, for transferring the overflow integer I into said first register means,
transferring the first feedback number $F_1$ into said second register means, and multiplying the first feedback
number $F_1$ by the overflow integer I to generate a product and adding the product to the third integer C in
said accumulator-base means and said accumulator-carry means; and

means coupled to said accumulator-base means and responsive to the third integer C being greater
than the fourth integer p, for reducing the third integer C modulo the fourth integer p.

24. A modulo arithmetic processor chip according to any one of claims 19 to 21 and 23, wherein said
arithmetic means includes a plurality of full adders coupled to said second-base-register means and said
second-carry-register means, for simultaneously adding the base bits and carry bits of the second integer B
to the base bits of the third integer C to generate the first sum having base bits and carry bits.

25. The modulo arithmetic processor chip as set forth in claim 24 further including multiplexer means
for controlling said plurality of full adders to add the base bits and carry bits of the first sum to the carry
bits of the third integer C.
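The multiply-and-reduce flow recited in claims 22 and 23, as an added Python example that is not part of the patent text. It models the registers as ordinary n-bit integers instead of base/carry pairs, so only the first feedback number F1 is needed, and it assumes 2^(n-1) < p < 2^n; the function name `modmul_feedback` is hypothetical.

```python
def modmul_feedback(a, b, p, n):
    """Return A*B mod p by shift-and-add with feedback F1 = 2^n - p.

    Added illustration, not the patent's circuit: registers are modelled as
    plain n-bit integers rather than base/carry (carry-save) pairs.
    Assumes 2^(n-1) < p < 2^n and 0 <= a, b < 2^n.
    """
    mask = (1 << n) - 1
    if not ((1 << (n - 1)) < p <= mask and 0 <= a <= mask and 0 <= b <= mask):
        raise ValueError("operands and modulus must fit the n-bit registers")
    f1 = (1 << n) - p            # two's complement of p: 2^n is congruent to F1 mod p
    c, overflow = 0, 0           # accumulator C and overflow integer I
    for _ in range(n):
        if a & 1:                # least significant bit of A selects an add of B
            c += b
            overflow += c >> n   # carry out of the n-bit accumulator goes to I
            c &= mask
        a >>= 1                  # A shifts right
        b <<= 1                  # B shifts left
        while b >> n:            # first partial reduction: replace bit n by F1
            b = (b & mask) + f1
    while overflow:              # second partial reduction: C += I * F1
        c += overflow * f1
        overflow = c >> n
        c &= mask
    while c >= p:                # final reduction of C modulo p
        c -= p
    return c
```

Every step replaces a multiple of 2^n by the same multiple of F1, which leaves the value unchanged modulo p, so no trial division by p is needed until the last subtraction.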